Open-AudIT
https://www.open-audit.org/phpBB3/

Unable to do secure LDAP queries
https://www.open-audit.org/phpBB3/viewtopic.php?f=10&t=5898
Page 1 of 1

Author:  gokart [ Tue Jun 26, 2012 1:30 am ]
Post subject:  Unable to do secure LDAP queries

Hey there,

So I've tried both the IIS7 and the WAMP methods but I'm unable to query my Active Directory servers. The error I receive is:

!! Unable to bind to server !!
Err Number: -1
Err String: Can't contact LDAP server
Check that server name is correct

I'm accessing the site over HTTPS with a cert generated by OpenSSL using WAMP, but as I said it also didn't work for me when I went the IIS7 route. Any ideas?

Thanks!

Author:  jpa [ Tue Jun 26, 2012 6:34 am ]
Post subject:  Re: Unable to do secure LDAP queries

Are you able to do non-secure ldap queries?

Secure ldap connections are from the OA server to the ldap server so OA running over SSL has nothing to do with secure ldap.

Author:  gokart [ Tue Jun 26, 2012 11:25 pm ]
Post subject:  Re: Unable to do secure LDAP queries

Yup, insecure queries work fine but won't mesh with our security policies. I presumed it was tied to SSL being enabled on the site as when you check the option off for secure it pops up and tells you that feature requires independent configuration of OpenSSL.

Author:  jpa [ Sat Jun 30, 2012 12:45 pm ]
Post subject:  Re: Unable to do secure LDAP queries

Try this:
Create a text file in c:\OpenLDAP\sysconf\ldap.conf or possibly c:\ldap.conf with the following contents:
Code:
TLS_REQCERT never

This tells php to not check certificate validity. Looking over my config this is what I've done. Technically a weakening of the security.

Author:  gokart [ Fri Jul 13, 2012 7:35 am ]
Post subject:  Re: Unable to do secure LDAP queries

Thanks JPA.

I tried this to no avail, sadly. I didn't already have a C:\OpenLDAP folders, it this installed with WAMP to your knowledge?

Author:  jpa [ Fri Jul 13, 2012 8:04 am ]
Post subject:  Re: Unable to do secure LDAP queries

What exactly did you do to try it?

The TLS_REQCERT stuff is for the OpenSSL built in to PHP. Apparently php is hard coded to look for an ldap.conf in the places I listed. In my Apache 2 and PHP 5.3 config I can create or remove the ldap.conf file, restart Apache and have SSL LDAP work or not depending on the existence of the ldap.conf.

Page 1 of 1 All times are UTC + 10 hours
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/